Centralization risk on the OWNER role
The deployer is responsible for receiving assets from the vault, supplying them to the Aave pool and transferring the aToken back to the vault. However, the owner role can modify the pool's deployer address at will.

function updateDeployer(IERC20 asset, IDeployer deployer) public {
    require(hasRole(OWNER_ROLE, msg.sender), UNAUTHORIZED_ERR);
    pools[asset].deployer = deployer;
}

function deployAssets(IERC20 asset, uint amount) public {
    require(hasRole(OWNER_ROLE, msg.sender), UNAUTHORIZED_ERR);
    requireAssetRegistered(asset);
    PoolInfo memory pool = pools[asset];
    require(asset.transfer(address(pool.deployer), amount), ASSET_DEPLOYMENT_ERR);
    pool.deployer.deploy(asset, amount);
}

The deployer used in deployAssets() can be changed by the vault's owner, potentially allowing the owner to direct all vault balances to a deployer address that they control. Blackwing has acknowledged this but retains the capability in order to upgrade the deploy code. Additionally, Blackwing plans to use a multi-sig wallet to ensure the security of their OWNER.
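
One way to narrow the window this finding describes, shown as an added example that is not Blackwing's code and not part of the audit: deployer changes are queued on-chain and take effect only after a delay. The contract, function and event names and the two-day delay are assumptions, and the `owner` address stands in for the OWNER role.

```solidity
pragma solidity ^0.8.20;

// Added example, not Blackwing's code. All names here are hypothetical;
// `owner` stands in for the OWNER role from the excerpt (ideally the multi-sig).
contract TimelockedDeployerRegistry {
    uint256 public constant DEPLOYER_DELAY = 2 days; // assumed delay, tune per deployment

    struct PendingDeployer {
        address deployer;
        uint256 readyAt; // earliest timestamp at which the change may be applied
    }

    address public immutable owner = msg.sender;
    mapping(address => address) public deployerOf;        // asset => active deployer
    mapping(address => PendingDeployer) public pendingOf; // asset => queued change

    event DeployerChangeQueued(address indexed asset, address indexed deployer, uint256 readyAt);
    event DeployerChanged(address indexed asset, address indexed oldDeployer, address indexed newDeployer);

    modifier onlyOwner() {
        require(msg.sender == owner, "unauthorized");
        _;
    }

    // Step 1: announce the new deployer on-chain; the active deployer is unchanged.
    function queueDeployer(address asset, address deployer) external onlyOwner {
        require(deployer != address(0), "zero deployer");
        uint256 readyAt = block.timestamp + DEPLOYER_DELAY;
        pendingOf[asset] = PendingDeployer(deployer, readyAt);
        emit DeployerChangeQueued(asset, deployer, readyAt);
    }

    // A queued change can be withdrawn before it takes effect.
    function cancelDeployer(address asset) external onlyOwner {
        delete pendingOf[asset];
    }

    // Step 2: apply only after the delay has elapsed.
    function applyDeployer(address asset) external onlyOwner {
        PendingDeployer memory p = pendingOf[asset];
        require(p.readyAt != 0 && block.timestamp >= p.readyAt, "not ready");
        delete pendingOf[asset];
        emit DeployerChanged(asset, deployerOf[asset], p.deployer);
        deployerOf[asset] = p.deployer;
    }
}
```

The delay does not remove trust in the OWNER; it makes a deployer change observable through `DeployerChangeQueued` before deployAssets() can send funds to the new address.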